In cybersecurity, we discuss preventing digital threats, detecting digital threats, gathering intelligence on new cyberattacks, and securing authentication. Yet we don’t often talk about what happens after a cyberattack: the recovery from a hack. Backup and recovery technology has been around as long as cybersecurity solutions, but conversations about it feel separate, as if the two weren’t related. In fact, backup and recovery technology is essential to reducing network downtime after an attack and to reassuring consumers and investors.
Why does backup and recovery technology seem so distant from cybersecurity? How do the two relate? To get to the bottom of this, we spoke with Gijsbert van Doorn, Technology Evangelist at Zerto. Zerto is an enterprise-level recovery and IT resilience software provider.
Here’s our conversation, edited slightly for readability:
Solutions Review: My sites focus primarily on cybersecurity/InfoSec (endpoint, SIEM, Identity management). Yet rarely do discussions of these solutions include backup, despite its importance in digital security. What do you think of this disconnect?
Gijsbert van Doorn: I think the disconnect is partially related to the fact that security teams are traditionally more network focused and less infrastructure focused, where backup and DR are mainly infrastructure focused.
SR: Is it likely to change in the near future?
GvD: I think that it is already changing as more and more organizations are adopting multidisciplinary teams to manage their IT. Also, when looking at the NIST Cybersecurity Framework, recovery is an essential part of that. With the constant (and increasing) threat of ransomware, more and more examples hit the news of where recovery was needed. I think the convergence of security and data protection or tighter integration is a trend right now.
SR: What features or capabilities should enterprises look for in their backup technology? And how should backup technology integrate with, say, endpoint security or SIEM?
GvD: Backup technology should help protect data, no matter what happens to it, and offer the granularity to ensure minimal data loss. It should have great visibility on protection status but also on the number of changes that took place on the protected items. Integrating this kind of data/analytics with tools like SIEM and other monitoring tools might lead to earlier detection of unusual behavior.
SR: In the current era of cloud migration, many enterprises operate under the belief that the cloud provider is responsible for their backup. We know this isn’t the case at all. How do we shake companies into realizing the responsibility they owe to their data?
GvD: The biggest “shake” is when enterprises face an actual issue. But right now regulations like GDPR help by forcing organizations to have a closer look at the protection of their data and making them prove recoverability to be compliant.
SR: How does and should backup technology operate on the cloud?
GvD: I think backup should operate the same way regardless of where the data resides. Only this way can enterprises achieve the highest availability of their data.
The only way to scale and offer the best support for these different clouds is making sure the used technology has tight integration with the used clouds (for example, using the native APIs available).
Unfortunately, when looking at existing backup technology, many of them don’t have cloud(s) integrated into a single, easy-to-use platform.
SR: Where do you think the future of backup technology is heading? And how will it correspond to the future of cybersecurity?
GvD: When looking at data protection requirements we see a shift in them caused, amongst others, by enterprises operating 24/7 (meaning systems should be “up” 24/7 but also deliver the performance end-users expect 24/7), digital transformation, and the ever-changing threats like ransomware. If we then look at current backup technology it is basically being done the same way as we have been doing for the last (let’s say) 35 years: taking a periodic copy of data.
And we need to ask ourselves if this is still the right way to guarantee the best protection, as this technology will not be able to deliver the granularity we want (and at scale). The future of backup technology is “continuous” backup, offering granularity at scale without impacting the performance of the protected systems.